Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:05, on 27.08.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
G:\BIG-Programs\Avira\AntiVir Desktop\sched.exe
E:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
G:\BIG-Programs\Avira\AntiVir Desktop\avguard.exe
c:\xampp\apache\bin\httpd.exe
D:\Program FilesHamachi\hamachi-2.exe
G:\BIG-Programs\Avira\AntiVir Desktop\avshadow.exe
E:\Programme\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\lxdncoms.exe
E:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\System32\PAStiSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
E:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
E:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
E:\WINDOWS\system32\vmnat.exe
E:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\VMWAREPlayer\vmware-authd.exe
E:\WINDOWS\system32\vmnetdhcp.exe
C:\xampp\apache\bin\httpd.exe
E:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Programme\TeamViewer\Version6\TeamViewer.exe
G:\BIG-Programs\Avira\AntiVir Desktop\avgnt.exe
E:\Programme\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\VMWAREPlayer\hqtray.exe
E:\Programme\Lexmark 2600 Series\lxdnmon.exe
E:\Programme\Lexmark 2600 Series\ezprint.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\WINDOWS\system32\igfxsrvc.exe
E:\WINDOWS\system32\igfxpers.exe
C:\Program Files\PDF24\pdf24.exe
E:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
E:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
D:\Program FilesHamachi\hamachi-2-ui.exe
E:\DOKUME~1\ICHA\LOKALE~1\Temp\RtkBtMnt.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programme\DAEMON Tools Lite\DTLite.exe
D:\PROGRA~1\NSC62~1.1\NETSCP.EXE
E:\Programme\Core Temp\Core Temp.exe
E:\Programme\HAMA Joystick Outlandish\GM_DevUpdate.exe
D:\Akku.exe
E:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
E:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
E:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
E:\Programme\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
E:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
G:\BIG-Programs\xfire\Xfire.exe
E:\Programme\Skype\Phone\Skype.exe
E:\Programme\Gemeinsame Dateien\Cloanto\Software Director\softdir.exe
E:\Programme\TeamViewer\Version6\tv_w32.exe
E:\Programme\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\system32\SearchProtocolHost.exe
J:\Programs\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.telekom.at/suche
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = A1 Telekom Austria TA AG
R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - E:\Programme\NCH_EN\prxtbNCH2.dll
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Programme\ConduitEngine\prxConduitEngine.dll
O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - E:\Programme\NCH_EN\prxtbNCH2.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - E:\Programme\NCH_EN\prxtbNCH2.dll
O3 - Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - (no file)
O4 - HKLM\..\Run: [avgnt] "G:\BIG-Programs\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AzMixerSel] E:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] E:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VMware hqtray] "D:\Program Files\VMWAREPlayer\hqtray.exe"
O4 - HKLM\..\Run: [lxdnmon.exe] "E:\Programme\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [EzPrint] "E:\Programme\Lexmark 2600 Series\ezprint.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] E:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] E:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program FilesHamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Mozilla Quick Launch] "D:\PROGRA~1\NSC62~1.1\NETSCP.EXE" -turbo
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Core Temp.lnk = E:\Programme\Core Temp\Core Temp.exe
O4 - Startup: GM_DevUpdate.lnk = E:\Programme\HAMA Joystick Outlandish\GM_DevUpdate.exe
O4 - Startup: Verknüpfung mit Akku.lnk = D:\Akku.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Free YouTube Download - E:\Dokumente und Einstellungen\ICHA\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - E:\Dokumente und Einstellungen\ICHA\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\vmwareplayer\vsocklib.dll
O10 - Unknown file in Winsock LSP: d:\program files\vmwareplayer\vsocklib.dll
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://192.168.11.100/RtspVaPgDec.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87BC863C-19D8-43E0-AB01-196A6AFB4006}: NameServer = 10.0.0.138,10.0.0.6
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: yaywtQjK - E:\WINDOWS\
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - E:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - G:\BIG-Programs\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - G:\BIG-Programs\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
O23 - Service: Eyeline Video System (EyelineService) - NCH Software - E:\Programme\NCH Software\Eyeline\eyeline.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program FilesHamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - E:\WINDOWS\system32\lxdncoms.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: STI Simulator - Unknown owner - E:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: SwitchBoard - Unknown owner - E:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - E:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - E:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files\VMWAREPlayer\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMWAREPlayer\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - E:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - E:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - E:\WINDOWS\system32\vmnat.exe

--
End of file - 10738 bytes